Programmatically unlocking IIS configuration sections in Powershell

我们两清 提交于 2019-11-27 05:59:45

问题


I am writing a powershell script to create and configure a number of websites and virtual directories. I am using the .NET Microsoft.Web.Administration assembly. I have created a new application under the default website and added a new virtual directory to it and it all works well. What I'm trying to do now is set up the authentication options for the virtual directory. I am doing the following in powershell:

[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Web.Administration")

$oIIS = new-object Microsoft.Web.Administration.ServerManager
$oWebSite = $oIIS.Sites["Default Web Site"]
$oApp = $oWebSite.Applications["/MyApp"]

$oConfig = $oApp.GetWebConfiguration()

$oAnonAuth = $oConfig.GetSection("system.webServer/security/authentication/anonymousAuthentication")
$oAnonAuth.SetAttributeValue("enabled", "False")

However, the SetAttributeValue command gives me the following error:

"This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false"

From what I have read elsewhere, there are some suggestions to change the XML file for the application to allow overriding. I don't want to have to do that - is there any way to programmatically unlock the configuration to allow me to change it? I don't want any user input into this process at all..

Thanks for any help, Al.


Found the answer I was looking for - but being a new user I can't answer my own question for 24 hrs..

I think I found the code below on this site, but my machine has since rebooted so I've lost the page. However, the following seems to work:

#
# Allow overriding of the security settings.
#
$oGlobalConfig = $oIIS.GetApplicationHostConfiguration()
$oConfig = $oGlobalConfig.GetSection("system.webServer/security/authentication/anonymousAuthentication", "Default Web Site/mySite")
$oConfig.OverrideMode="Allow"
$oIIS.CommitChanges()

#
# Following the commit above, we need a new instance of the configuration object, which we can now 
# modify.
#
$oGlobalConfig = $oIIS.GetApplicationHostConfiguration()
$oConfig = $oGlobalConfig.GetSection("system.webServer/security/authentication/anonymousAuthentication", "Default Web Site/mySite")
$oConfig.SetAttributeValue("enabled", "False")
$oIIS.CommitChanges()

回答1:


I wrote a blog post about this quite a while back. http://www.danielrichnak.com/powershell-iis7-teach-yoursel/

The below code will loop through everything in system.webserver level and unlock it. You can target different nodes as you see fit.

$assembly = [System.Reflection.Assembly]::LoadFrom("$env:systemroot\system32\inetsrv\Microsoft.Web.Administration.dll")

# helper function to unlock sectiongroups
function unlockSectionGroup($group)
{
    foreach ($subGroup in $group.SectionGroups)
    {
        unlockSectionGroup($subGroup)
    }
    foreach ($section in $group.Sections)
    {
        $section.OverrideModeDefault = "Allow"
    }
}

# initial work
# load ServerManager
$mgr = new-object Microsoft.Web.Administration.ServerManager
# load appHost config
$conf = $mgr.GetApplicationHostConfiguration()

# unlock all sections in system.webServer
unlockSectionGroup(
     $conf.RootSectionGroup.SectionGroups["system.webServer"])

Your solution is similar but different enough that I can't verify what you've got, but since you say it works - sounds good. :)



来源:https://stackoverflow.com/questions/5717154/programmatically-unlocking-iis-configuration-sections-in-powershell

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!